Account Security 1 A password is still one of the most important credentials you need to secure your online account. Is it more important for your security that your password is long with many characters, or is it more important that your password is complex with many different characters? The length is more important than the complexity.Yes, but only a long and complex password is really safe. The complexity is more important than the length. Mathematically, the length is more important than the complexity, but only a long and complex password is really safe. Next 2 Why is it important to use a password management system? It is rather impossible for a human being today to remember all passwords, if all of them should be really secure and not used for various accounts. Because such a system warns a user if the account was hacked. Because online services like Facebook and Google can directly access all the passwords in plain text without any barriers, so that users do not have to type it in. This is more comfortable. Back Next 3 What is the core benefit of a Two Factor Authentication? It is impossible for an adversary to break into an account with 2FA, because only the user can access it. An adversary is not able to hack an account by only knowing the username and password. A second kind of credential is required to successfully log in. The service operating the account, for example a social network or an email provider, is not able to access user’s accounts. Back Next 4 You add to your log-in process a so-called “security question”. For example, you have to answer the question “Where was your mother born?” after you typed in your password. Is this a Two-Factor-Authentication? Yes, because you take two steps to log in, which is the idea of 2FA. No, because not all users may know where their mother was born. Such a 2FA would not be usable for everybody. No, because in both cases the credential is a knowledge-based factor. Both a password and the answer to the question can be provided by everybody who knows it. For a 2FA, you need two different kinds of factors, like knowledge and possession. Back Next 5 Why is it dangerous to click on a link of a sender you do not know and in a message you do not expect? It is not dangerous. As a journalist, you sometimes have to click on links from strangers, because it can be a new source. It can download a software, that is expensive and I have to pay for it without providing any further details of my bank account. Only a click on a link is enough. Because the link can open a phishing website, in which you lose your credentials to criminals, or you intentionally download a spyware. Back Evaluation Evaluation 1 A password is still one of the most important credentials you need to secure your online account. Is it more important for your security that your password is long with many characters, or is it more important that your password is complex with many different characters? Your answer was wrong: The length is more important than the complexity.Yes, but only a long and complex password is really safe. Explaination: Yes, but only a long and complex password is really safe. Your answer was wrong: The complexity is more important than the length. Explaination: No. Mathematically, the length is more important than the complexity, but only a long and complex password is really safe. Today, a password should not be shorter than twelve characters and you should not use the same password for various accounts. The correct answer is: Mathematically, the length is more important than the complexity, but only a long and complex password is really safe. 2 Why is it important to use a password management system? The correct answer is: It is rather impossible for a human being today to remember all passwords, if all of them should be really secure and not used for various accounts. Your answer was wrong: Because such a system warns a user if the account was hacked. Explaination: No. A password management system does not warn a user, but stores passwords. Users can access the password box with a master password, and do not have to remember all their passwords, but only one. Your answer was wrong: Because online services like Facebook and Google can directly access all the passwords in plain text without any barriers, so that users do not have to type it in. This is more comfortable. Explaination: No. Although some password management systems might automatically paste in the password of the service, the password is not accessible in plain text for the service. 3 What is the core benefit of a Two Factor Authentication? Your answer was wrong: It is impossible for an adversary to break into an account with 2FA, because only the user can access it. Explaination: No. Although 2FA blocks most of the attacks, very powerful adversaries may find a way to circumvent it; for example it already knows the password and spies on a smartphone on which a code is created as the second credential. While this is a very sophisticated attack, it is possible. The correct answer is: An adversary is not able to hack an account by only knowing the username and password. A second kind of credential is required to successfully log in. Your answer was wrong: The service operating the account, for example a social network or an email provider, is not able to access user’s accounts. Explaination: No. Also if you enable a 2FA on your account, the service is probably still able to access it as well without letting you know it. 4 You add to your log-in process a so-called “security question”. For example, you have to answer the question “Where was your mother born?” after you typed in your password. Is this a Two-Factor-Authentication? Your answer was wrong: Yes, because you take two steps to log in, which is the idea of 2FA. Explaination: No, two steps is not always secure. It is important two have different kinds of factors to log in. For example, entering a password that you know and entering a temporary code that is generated on your phone, that you have to possess in that moment. Your answer was wrong: No, because not all users may know where their mother was born. Such a 2FA would not be usable for everybody. Explaination: No, two steps is not always secure. It is important two have different kinds of factors to log in. For example, entering a password that you know and entering a temporary code that is generated on your phone, that you have to possess in that moment. The correct answer is: No, because in both cases the credential is a knowledge-based factor. Both a password and the answer to the question can be provided by everybody who knows it. For a 2FA, you need two different kinds of factors, like knowledge and possession. 5 Why is it dangerous to click on a link of a sender you do not know and in a message you do not expect? Your answer was wrong: It is not dangerous. As a journalist, you sometimes have to click on links from strangers, because it can be a new source. Explaination: Not every link is dangerous indeed. However, phishing is still one of the most common threats for journalists online – and it mostly comes with a non-trustworthy link. You should be very careful clicking on something you are not absolutely sure about. Your answer was wrong: It can download a software, that is expensive and I have to pay for it without providing any further details of my bank account. Only a click on a link is enough. Explaination: No, this is at least very, very unlikely. The click itself will probably not empty your account – but a spyware can be downloaded, with which criminals steal your bank information and make transactions. The correct answer is: Because the link can open a phishing website, in which you lose your credentials to criminals, or you intentionally download a spyware. Back Print page